Guy Rosen, Facebook's VP Product Management, said the company has contacted browser makers to ensure the infected extensions are no longer offered for download in their stores.
Once hackers obtained conversations, they proceeded to sell them online for 10 cents (8 British pence) per account - a small sum that multiplied by 81,000 could've been a lucrative haul for the hackers were they not shutdown by local police.
According to The Information, Facebook is in talks to buy a major cybersecurity company to help protect users.
In the biggest-ever security breach after Cambridge Analytica scandal, Facebook in October admitted that hackers broke into almost 50 million users' accounts by stealing their "access tokens" or digital keys. However, this new stolen data appears to have been obtained through malicious browser add-ons.
"Data from a further 176,000 accounts was also made available, although some of the information - including email addresses and phone numbers - could have been scraped from members who had not hidden it", continued the BBC report. Most of the users included in the samples were from Russian Federation and the Ukraine, but the hackers apparently also were able to breach the accounts of users from the USA and the United Kingdom.
India tried its luck by asking the Central Bureau of Investigation (CBI) to look into the Cambridge Analytica breach, but we all know how that panned out.
For thousands - and potentially millions - of Facebook users, correspondence sent in confidence via the social network's private messages platform have proven to be anything but.
The BBC said there was reason to believe the 120 million claim was exaggerated.
The publication also cited Digital Shadows to claim that 120 million was an unlikely figure for the number of victims, as Facebook would not have missed such a large breach.
When asked about a possible connection to the Russian state or Kremlin-run programs like the Internet Research Agency, a representative for the hacking group only identified as John Smith said there was no connection.